I received a (relatively) well crafted Phishing email today. It was
clearly a well planned campaign. The Spamassassin score was as follows:
X-Spam-Status: No, score=-0.4 required=5.0
tests=GOOG_REDIR_NORDNS=0.001,
HTML_FONT_LOW_CONTRAST=0.001,HTML_MESSAGE=0.001,
NORDNS_LOW_CONTRAST=0.001,RCVD_IN_DNSWL_HI=-5,RDNS_NONE=1.274,
SPF_FAIL=0.919,SPF_HELO_NONE=0.001,URIBL_BLOCKED=0.001,WIKI_IMG=2.397
autolearn=disabled version=3.4.6
DNS white-hole list checks should never ever pass if the SPF checks
fail. In fact, I can't think of any whitelist test that should pass if
SPF fails. I could attach a higher score to SPF_FAIL, but that would
unduly affect cases where the sender wasn't white listed.
I need a way to force Spammassassin to negate the effect of one test on
the passing of another.